Postgres Pro
Downloads
Home   >   mailing lists

Re: PG 14 release notes, first draft - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: PG 14 release notes, first draft
Date
Msg-id 20210517025102.GA24531@momjian.us
Whole thread Raw
In response to Re: PG 14 release notes, first draft  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
Responses Re: PG 14 release notes, first draft
List pgsql-hackers
Tree view 
On Sat, May 15, 2021 at 07:05:35PM -0400, Álvaro Herrera wrote:
> On 2021-May-12, Bruce Momjian wrote:
> 
> > OK, updated text:
> > 
> >     <listitem>
> >     <!--
> >     Author: Peter Eisentraut <peter@eisentraut.org>
> >     2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
> >     -->
> >     
> >     <para>
> >     Change the default of the password_encryption server parameter
> >     to scram-sha-256 (Peter Eisentraut)
> >     </para>
> >     
> >     <para>
> >     Previously it was md5.    All new passwords will be stored as SHA256
> >     unless this server variable is changed or the password is already
> >     md5-hashed.  Also, the legacy (and undocumented) boolean-like
> >     values which were previously synonyms of <literal>md5</literal>
> >     are no longer accepted.
> >     </para>
> >     </listitem>
> 
> Thanks, looks ok as far as what the original point was about.
> 
> I have to say that this sentence is a bit odd: "All new passwords will
> be stored as sha256 unless ... the password is already md5-hashed".
> Does this mean that if you change a password for a user whose password
> was md5, the new one is stored as md5 too even if the setting is
> scram-sha-256?  Or if "the password" means an old password, then why is
> it a new password?

OK, what I was trying to say was that if you dump/restore, and the old
password was md5, the newly-restored password will be md5, but it was
very unclear.  I changed it to this:

    <listitem>
    <!--
    Author: Peter Eisentraut <peter@eisentraut.org>
    2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
    Author: Peter Eisentraut <peter@eisentraut.org>
    2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
    -->
    
    <para>
    Change the default of the password_encryption server parameter to
    scram-sha-256 (Peter Eisentraut)
    </para>
    
    <para>
    Previously it was md5.    All new passwords will be stored as SHA256
    unless this server variable is changed or the password is specified
    in md5 format.    Also, the legacy (and undocumented) boolean-like
    values which were previously synonyms for <literal>md5</literal>
    are no longer accepted.
    </para>
    </listitem>

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.

pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: Rewriting the test of pg_upgrade as a TAP test - take three - remastered set
Next
From: Andy Fan
Date:
Subject: Re: Condition pushdown: why (=) is pushed down into join, but BETWEEN or >= is not?